feat: add encypted instance test for postgres
Some checks failed
CI Workflow / Check GoReleaser config (pull_request) Successful in 5s
CI Workflow / Test readiness for publishing provider (pull_request) Failing after 5m21s
CI Workflow / CI run build and linting (pull_request) Failing after 7m10s
CI Workflow / CI run tests (pull_request) Failing after 7m25s
CI Workflow / Code coverage report (pull_request) Has been skipped
parent
872c06ec68
commit
411e99739a
2 changed files with 138 additions and 2 deletions
|
|
@ -5,6 +5,7 @@ import (
|
|||
_ "embed"
|
||||
"fmt"
|
||||
"log"
|
||||
"math"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
|
@ -183,8 +184,56 @@ func TestAccInstance(t *testing.T) {
|
|||
exData,
|
||||
),
|
||||
Check: resource.ComposeAggregateTestCheckFunc(
|
||||
// check params acl count
|
||||
resource.TestCheckResourceAttr(testItemID, "acl.#", "1"),
|
||||
|
||||
// check params are set
|
||||
resource.TestCheckResourceAttrSet(testItemID, "backup_schedule"),
|
||||
|
||||
//// connection_info should contain 1 sub entry
|
||||
// resource.TestCheckResourceAttr(testItemID, "connection_info.%", "1"),
|
||||
//
|
||||
//// connection_info.write should contain 2 sub entries
|
||||
// resource.TestCheckResourceAttr(testItemID, "connection_info.write", "2"),
|
||||
//
|
||||
// resource.TestCheckResourceAttrSet(testItemID, "connection_info.write.host"),
|
||||
// resource.TestCheckResourceAttrSet(testItemID, "connection_info.write.port"),
|
||||
|
||||
resource.TestCheckResourceAttrSet(testItemID, "flavor_id"),
|
||||
resource.TestCheckResourceAttrSet(testItemID, "id"),
|
||||
resource.TestCheckResourceAttrSet(testItemID, "instance_id"),
|
||||
resource.TestCheckResourceAttrSet(testItemID, "is_deletable"),
|
||||
resource.TestCheckResourceAttrSet(testItemID, "name"),
|
||||
|
||||
// network should contain 4 sub entries
|
||||
resource.TestCheckResourceAttr(testItemID, "network.%", "4"),
|
||||
|
||||
resource.TestCheckResourceAttrSet(testItemID, "network.access_scope"),
|
||||
|
||||
// on unencrypted instances we expect this to be empty
|
||||
resource.TestCheckResourceAttr(testItemID, "network.instance_address", ""),
|
||||
resource.TestCheckResourceAttr(testItemID, "network.router_address", ""),
|
||||
|
||||
// only one acl entry should be set
|
||||
resource.TestCheckResourceAttr(testItemID, "network.acl.#", "1"),
|
||||
|
||||
resource.TestCheckResourceAttrSet(testItemID, "replicas"),
|
||||
resource.TestCheckResourceAttrSet(testItemID, "retention_days"),
|
||||
resource.TestCheckResourceAttrSet(testItemID, "status"),
|
||||
|
||||
// storage should contain 2 sub entries
|
||||
resource.TestCheckResourceAttr(testItemID, "storage.%", "2"),
|
||||
|
||||
resource.TestCheckResourceAttrSet(testItemID, "storage.performance_class"),
|
||||
resource.TestCheckResourceAttrSet(testItemID, "storage.size"),
|
||||
resource.TestCheckResourceAttrSet(testItemID, "version"),
|
||||
|
||||
// check absent attr
|
||||
resource.TestCheckNoResourceAttr(testItemID, "encryption"),
|
||||
resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_id"),
|
||||
resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_ring_id"),
|
||||
resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_version"),
|
||||
resource.TestCheckNoResourceAttr(testItemID, "encryption.service_account"),
|
||||
|
||||
// check param values
|
||||
resource.TestCheckResourceAttr(testItemID, "name", exData.Name),
|
||||
|
|
@ -341,6 +390,93 @@ func TestAccInstanceWithDatabases(t *testing.T) {
|
|||
)
|
||||
}
|
||||
|
||||
func TestAccEncryptedInstanceWithDatabases(t *testing.T) {
|
||||
encKekKeyID, ok := os.LookupEnv("TF_ACC_KEK_KEY_ID")
|
||||
if !ok || encKekKeyID == "" {
|
||||
t.Skip("env var TF_ACC_KEK_KEY_ID needed for encryption test")
|
||||
}
|
||||
|
||||
encKekKeyRingID, ok := os.LookupEnv("TF_ACC_KEK_KEY_RING_ID")
|
||||
if !ok || encKekKeyRingID == "" {
|
||||
t.Skip("env var TF_ACC_KEK_KEY_RING_ID needed for encryption test")
|
||||
}
|
||||
|
||||
encKekKeyVersion, ok := os.LookupEnv("TF_ACC_KEK_KEY_VERSION")
|
||||
if !ok || encKekKeyVersion == "" {
|
||||
t.Skip("env var TF_ACC_KEK_KEY_VERSION needed for encryption test")
|
||||
}
|
||||
|
||||
encSvcAcc, ok := os.LookupEnv("TF_ACC_KEK_SERVICE_ACCOUNT")
|
||||
if !ok || encSvcAcc == "" {
|
||||
t.Skip("env var TF_ACC_KEK_SERVICE_ACCOUNT needed for encryption test")
|
||||
}
|
||||
|
||||
data := getExample()
|
||||
data.UseEncryption = true
|
||||
data.KekKeyID = encKekKeyID
|
||||
data.KekKeyRingID = encKekKeyRingID
|
||||
data.KekServiceAccount = encSvcAcc
|
||||
encKekKeyVersionInt, err := strconv.Atoi(encKekKeyVersion)
|
||||
if err != nil {
|
||||
t.Errorf("error converting string to int")
|
||||
}
|
||||
if encKekKeyVersionInt > math.MaxUint8 {
|
||||
t.Errorf("value too large to convert to uint8")
|
||||
}
|
||||
data.KekKeyVersion = uint8(encKekKeyVersionInt) //nolint:gosec // handled above
|
||||
|
||||
dbName := "testdb"
|
||||
userName := "testUser"
|
||||
data.Users = []User{
|
||||
{
|
||||
Name: userName,
|
||||
ProjectID: os.Getenv("TF_ACC_PROJECT_ID"),
|
||||
Roles: []string{"login"},
|
||||
},
|
||||
}
|
||||
|
||||
data.Databases = []Database{
|
||||
{
|
||||
Name: dbName,
|
||||
ProjectID: os.Getenv("TF_ACC_PROJECT_ID"),
|
||||
Owner: userName,
|
||||
},
|
||||
}
|
||||
|
||||
resource.ParallelTest(
|
||||
t, resource.TestCase{
|
||||
PreCheck: func() {
|
||||
testAccPreCheck(t)
|
||||
t.Logf(" ... working on instance %s", data.TfName)
|
||||
},
|
||||
CheckDestroy: testAccCheckPostgresFlexDestroy,
|
||||
ProtoV6ProviderFactories: testutils.TestAccProtoV6ProviderFactories,
|
||||
Steps: []resource.TestStep{
|
||||
// Create and verify
|
||||
{
|
||||
Config: testutils.StringFromTemplateMust(
|
||||
"testdata/instance_template.gompl",
|
||||
data,
|
||||
),
|
||||
Check: resource.ComposeAggregateTestCheckFunc(
|
||||
resource.TestCheckResourceAttr(
|
||||
testutils.ResStr(pfx, "instance", data.TfName),
|
||||
"name",
|
||||
data.Name,
|
||||
),
|
||||
resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "instance", data.TfName), "id"),
|
||||
resource.TestCheckResourceAttr(testutils.ResStr(pfx, "user", userName), "name", userName),
|
||||
resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "user", userName), "id"),
|
||||
resource.TestCheckResourceAttr(testutils.ResStr(pfx, "database", dbName), "name", dbName),
|
||||
resource.TestCheckResourceAttr(testutils.ResStr(pfx, "database", dbName), "owner", userName),
|
||||
resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "database", dbName), "id"),
|
||||
),
|
||||
},
|
||||
},
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
// func setupMockServer() *httptest.Server {
|
||||
// mux := http.NewServeMux()
|
||||
//
|
||||
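Review bot: In TestAccEncryptedInstanceWithDatabases the `//nolint:gosec // handled above` on `uint8(encKekKeyVersionInt)` is not accurate. Both guards call `t.Errorf`, which records the failure and keeps running, and a negative TF_ACC_KEK_KEY_VERSION passes the `> math.MaxUint8` comparison, so the conversion can still wrap and the test continues into `resource.ParallelTest` with a key version that was never supplied. Parsing with `v, err := strconv.ParseUint(encKekKeyVersion, 10, 8)` and stopping on error with `t.Fatalf("parsing TF_ACC_KEK_KEY_VERSION: %v", err)` covers both bounds and makes the suppression unnecessary. Separately, the step's Check asserts only name, id and owner, so the test would still pass if the `encryption` block were dropped from the applied config. A check such as `resource.TestCheckResourceAttr(testutils.ResStr(pfx, "instance", data.TfName), "encryption.kek_key_id", data.KekKeyID)`, plus the same for key ring, version and service account, would pin the property the test is named for.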
|
|
|
|||
|
|
@ -16,8 +16,8 @@ resource "stackitprivatepreview_postgresflexalpha_instance" "{{ .TfName }}" {
|
|||
}
|
||||
{{ if .UseEncryption }}
|
||||
encryption = {
|
||||
kek_key_id = {{ .KekKeyID }}
|
||||
kek_key_ring_id = {{ .KekKeyRingID }}
|
||||
kek_key_id = "{{ .KekKeyID }}"
|
||||
kek_key_ring_id = "{{ .KekKeyRingID }}"
|
||||
kek_key_version = {{ .KekKeyVersion }}
|
||||
service_account = "{{ .KekServiceAccount }}"
|
||||
}
|
||||
|
|
|
|||